Posts tagged ‘PCI-DSS’

Someday, cloud security vendors and cloud services providers will convince enterprise IT that it’s safe to move sensitive data and mission critical apps from the private cloud to the public cloud.

Unfortunately, that day has not yet arrived.

Security practitioners, consultants and analysts interviewed for this story say cloud security vendors and cloud services providers have a long way to go before enterprise customers will be able to find a comfort zone in the public cloud, or even in a public/private hybrid deployment.

My Take> Until we have more standards around Cloud Security Models, Interoperability Standards and Data Classification Standards, this will remain an issue for the adolescent cloud industry. As an industry we’ve only just got our “P’s”, and we can’t wait to explore the super information highway, but we still need to learn how the road-rules apply in the real world!

What I find most interesting is that this is yet another article quoting that service providers are doing security better than a lot of in-house IT teams.
So while security in the cloud is not YET perfect, it’s not as bad as sometimes depicted! Cloud Computing providers that already operate facilities and services under the ISO27001, PCI-DSS and ASIO T4 standards already have a pretty good start. I would argue that providers operating under these security standards, of which there are only a handful, would provide better security standards than more than 90% of the Enterprise and Corporate businesses out there. Perhaps Cloud Standards built around these security models and data classifications would be a good start!! Your thoughts??